package mn.more.wits.server;

import javax.servlet.http.HttpSession;
import mn.more.wits.server.dao.AuthProviderDAO;
import mn.more.wits.server.model.WitsUser;
import org.apache.log4j.Logger;
import org.gwtwidgets.server.spring.ServletUtils;

/**
 * @author <a href="mailto:mike.liu@aptechmongolia.edu.mn">Mike Liu</a>
 * @version $Revision: 119 $
 */
public final class SecurityUtil {

	private static Logger logger = Logger.getLogger(SecurityUtil.class);

	public static WitsUser getCurrentUser() {
		HttpSession session = ServletUtils.getRequest().getSession(true);
		if (session == null) { return null; }
		Object userObj = session.getAttribute(AuthProviderDAO.KEY_AUTH);
		if (userObj == null) { return null; }
		if (userObj instanceof WitsUser) {
			return (WitsUser) userObj;
		} else {
			logger.error("found invalid object type (" + userObj.getClass() +
			             ") bound to session (key=" + AuthProviderDAO.KEY_AUTH + ")");
			return null;
		}
	}
}
